ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "sajai (Jira)" <j...@apache.org>
Subject [jira] [Created] (RANGER-2751) SSL enabled Apache Ranger (2.1.0) not working with SSL enabled Presto (Prestosql 310)
Date Thu, 05 Mar 2020 13:03:00 GMT
sajai created RANGER-2751:
-----------------------------

             Summary: SSL enabled Apache Ranger (2.1.0) not working with SSL enabled Presto
(Prestosql 310)
                 Key: RANGER-2751
                 URL: https://issues.apache.org/jira/browse/RANGER-2751
             Project: Ranger
          Issue Type: Bug
          Components: plugins
    Affects Versions: 2.1.0
            Reporter: sajai
             Fix For: 2.1.0


*Facing the below error when trying to integrate Apache Ranger with Prestosql (310 version).*
*Both Ranger and Presto is working independently, but the Presto policies from Ranger are
not downloading/refreshing. Couldn't find the policies downloaded in Ranger web ui in Audits/Plugin
tab. Also if we remove SSL from Ranger side it starts working fine. Issue is only when SSL
is enabled in Ranger, then Presto inot working with Ranger,*

2020-03-04T07:50:59.600-0600 ERROR Thread-91 org.apache.ranger.plugin.util.PolicyRefresher
PolicyRefresher(serviceName=presto-catalogs-dev): failed to refresh policies. Will continue
to use last known version of policies (-1)
java.lang.IllegalArgumentException: TrustManager is not specified

*ranger-2.1.0-SNAPSHOT-admin/install.properties:-*

db_root_user=root
db_root_password=Sqlpwd@123
db_host=localhost

db_name=ranger
db_user=rangeradmin
db_password=Rangerpwd@123

rangerAdmin_password=Rangerpwd@123
rangerTagsync_password=Rangerpwd@123
rangerUsersync_password=Rangerpwd@123
keyadmin_password=Rangerpwd@123

policymgr_external_url=https://hostname_ranger:6182
policymgr_http_enabled=false
policymgr_https_keystore_file=/opt/iss_cert/clientcert.jks
policymgr_https_keystore_keyalias=kkkk
policymgr_https_keystore_password=31b17532aeb4fb5ba3af2bae850567

unix_user=ranger
unix_user_pwd=Rangerpwd@123
unix_group=ranger

#LDAP|ACTIVE_DIRECTORY|UNIX|NONE
authentication_method=LDAP
xa_ldap_url=ldaps://hostname_ldapserver:636
xa_ldap_userDNpattern=uid=\{0},OU=xxx,DC=xx,DC=cccc,DC=COM
xa_ldap_groupSearchBase=DC=xxx,DC=ccc,DC=COM
xa_ldap_groupSearchFilter=(member=cn=\{0},OU=xxx,DC=xx,DC=cccc,DC=COM)
xa_ldap_groupRoleAttribute=cn
xa_ldap_base_dn=DC=xx,DC=cccc,DC=COM
xa_ldap_bind_dn=CN=XXX,OU=XX,DC=xx,DC=cccc,DC=COM
xa_ldap_bind_password=uBLRxxxxxxxxzVJK
xa_ldap_referral=follow
xa_ldap_userSearchFilter=(uid=\{0})

*With the above values,able to start ranger with SSL and LDAP enabled and also able to login
succesfully with both unix admin credentials and also with ldap credentials.*

 

*ranger-2.1.0-SNAPSHOT-presto-plugin/install.properties:-*

POLICY_MGR_URL=https:/hostname_ranger:6182

REPOSITORY_NAME=presto-catalogs-dev

*# You do not need use SSL between agent and security admin tool, please leave these sample
value as it is.*

SSL_KEYSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-keystore.jks
SSL_KEYSTORE_PASSWORD=none
SSL_TRUSTSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-truststore.jks
SSL_TRUSTSTORE_PASSWORD=none

*keep blank if component user is default*
CUSTOM_USER=
*keep blank if component group is default*
CUSTOM_GROUP=

 
*presto-server-310/etc/config.properties:-*
coordinator=true
node-scheduler.include-coordinator=true
http-server.http.enabled=false
node.internal-address-source=FQDN
node.internal-address=hostname_presto
internal-communication.https.required=true
internal-communication.https.keystore.path=/opt/iss_cert/clientcert.jks
internal-communication.https.keystore.key=31b17532aeb4fb5ba3af2bae850567
discovery-server.enabled=true
discovery.uri=https://hostname_presto:8443
http-server.authentication.type=PASSWORD,CERTIFICATE
http-server.https.enabled=true
http-server.https.port=8443
http-server.https.keystore.path=/opt/iss_cert/clientcert.jks
http-server.https.keystore.key=31b17532aeb4fb5ba3af2bae850567



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message